Ch 9: Mobile Payments. CNIT 128: Hacking Mobile Devices. Updated
|
|
- Rhoda Haynes
- 5 years ago
- Views:
Transcription
1 Ch 9: Mobile Payments CNIT 128: Hacking Mobile Devices Updated
2 Current Generation
3 Scenarios Mobile banking apps NFC-based or barcode-based payment apps used by consumers to purchase goods Premium-rated SMS messages to purchase virtual goods within games, or music Users are billed later via their telephone bill
4 Mobile Banking Apps Banking transactions using a phone View account balances Transfer money Web applications designed to be viewed within the mobile browser Or a WebView inside a native mobile app
5 Mobile Banking Apps Back-end components are the same as for desktop online banking Similar vulnerabilities But with mobile, must also consider device theft Sensitive information may be stored on the device improperly
6 Started in 2011 Supports all major credit cards Card # stored in the cloud A virtual account number is sent to the contactless POS terminal via NFC Contactless Payment Google Wallet
7 Contactless Payment ISIS (now Softcard) Joint venture of Verizon, AT&T, and T-Mobile Began in 2012 Changed its name in 2014 because of the "Islamic State" (link Ch 9a) Purchased by Google in Feb., 2015 Google Wallet will be prominently preinstalled on U.S. Android phones that run KitKat (4.4) or later (link Ch 9e)
8 Android Pay Google's new payment system Replaced Google Wallet for most purposes in 2015 Google Wallet can no longer use NFC No app needed on most phones Android Pay is integrated into the OS Link Ch 9w
9 Security of Mobile Payments Links Ch 9y, 9z
10 Security of Mobile Payments Should be safer than magstripe cards, which are very insecure But customers are wary Link Ch 9x
11 Apple Pay Released on Oct 20, 2014 With iphone 6 and Apple Watch Customer payment information is kept from retailer creates a "dynamic security code [...] generated for each transaction" Link Ch 9d
12 Market History Google was first, but retailers didn't play along Only 2.4% of retailers had NFC in Oct, 2014 Chip-and-PIN deadline was Oct Retailers must update POS systems or accept liability for credit card fraud (link Ch 9c) But the USA actually uses Chip-without-PIN Security done on the server side
13 Only available on Samsung devices Works with NFC or magstripe readers 90% of merchants Samsung Pay
14 Samsung Pay
15 Link Ch 9z1 Samsung Pay
16 US Retailers Prefer Apple Pay Link Ch 9z2, from Feb., 2017
17 CurrentC A group of merchants (MCX) Rite-Aid, CVS, Walmart, Target, etc. Saves merchants credit card processing fees Gives stores access to consumer data Unlike Apple Pay Link Ch 9b, 9h Designed for merchants, not end-users
18 How CurrentC Works Tied directly to your bank account Pay with QC code
19 Retailers Supporting CurrentC
20 CurrentC Collects Health Data
21 CurrentC Hacked in Oct addresses of early testers exposed Link Ch 9j
22 Lin Ch 9z3 Current-C Died in 2016
23 Square Free card reader or stand Plugs into audio jack on ios or Android phone Takes credit card payments by reading the magstripe Used by Starbucks and Whole Foods Began taking Bitcoin in 2014 Will take Apple Pay in 2015
24 Contactless Smartcard Payments
25 Secure Element (SE) Core of the mobile payment platform Secure storage of sensitive information Embedded SE contained within the mobile device Galaxy Nexus UICC aka SIM card Universal Integrated Circuit Card Another SE form factor Link Ch 9m
26 microsd Cards with NFC Allowed early iphones without NFC to use NFC NFC radio included in the microsd card Pioneered by DeviceFidelity Purchased by Kili in 2014 Kili purchased by Square in 2015 Links Ch 9o, p, q
27 Java Card Runtime Environment (JCRE) All SE's use this system Payment applet stored on the card Applet firewall keeps applets from accessing each others' information Robust cryptography including AES and RSA SE's are GlobalPlatform compliant
28 Security and interoperability standards for SE devices Only the owner of an SE can directly read or write to it Mutual identification uses shared keys SE will lock after a number of failed attempts
29 Proximity Payment System Environment (PPSE) Registry of all payment apps in the SE App names and standard Application Identifier Tells the payment terminal what apps are available Allows terminal to select which app it wants to use
30 Payment Apps Responsible for making the actual contactless payment Contain sensitive information associated with a particular payment account Java Card applets that are stored and run inside the SE
31 Payment Apps Cryptographic capabilities of the JCRE allow banks to securely verify transactions One method is to generate a one-time Card Verification Value for each transaction, called a dynamic CVV (dcvv) Application Protocol Data Unit (APDU) Used to send instructions to applets on the SE
32 Command Application Protocol Data Unit (C-APDU)
33 Large Commands If the amount of data to be transmitted to the applet is greater than 256 bytes Multiple C-APDUs can be chained together
34 Response Application Protocol Data Unit (R-APDU)
35 Contact and Contactless Interfaces These are the two ways to send APDUs to the SE Contact Interface Connects the SE to the phone itself Contactless Interface Connected to the NFC radio Used to communicate with Point-of-Sale (POS) terminals Not available to applications on the phone
36 Simplified Contactless Transaction
37
38 Secure Element API Restricted to Google Wallet on Android Introduced in (Gingerbread) Required system-level permissions through 4.0 (Ice Cream Sandwich) In 4.04, allows apps with a signature in /etc/nfcee_access.xml The only signature in that file is Google Wallet Requires root access to update
39 SE API Limitations Very basic allows application to open a channel to the SE and transmit APDUs Works for embedded SE's But not for the UICC or microsd SE's used in some phones For microsd SE's, you need the open-source Secure Element Evaluation Kit (SEEK) UICC SE's is not directly connected to the application processor and must be reached through the proprietary code and the Radio Interface Layer
40 Access Control for SE's Embedded SE's use a whitelist /etc/nfcee_access.xml SEEK uses GlobalPayment An additional app on the SE with a list of application signatures and applets Smartcard API contains Access Control Enforcer Compares signature of calling application to signature stored in the SE card to see if application has permission for the chosen applet
41 Mobile Application Consumers see this part User selects which card to use for a payment Google Wallet requires the user to enter a four-digit PIN to make a payment Protects against device theft Better than contactless credit cards
42 Google Wallet Vulnerabilities
43 PIN Storage Vulnerability PIN entry required for transactions Only six tries permitted But an attacker who steals a device and then roots it can extract the PIN from the salted hash Because it's not stored on the SE Storing it on the SE would make banks liable for breaches due to stolen PINs Links Ch 9s, 9t
44 Link Ch 9t (2012)
45 PIN Storage PIN is salted with a 64-bit random value and hashed with one round of SHA-256
46 Storage of Hash Salt and hash stored in a SQLite database in Google Wallet's /data directory /data/data/ com.google.android.apps.walletnfcrel/ databases/walletdatastore "Wallet Cracker" simply tries all 10,000 four-digit PINs to find PIN from the hash
47 Google's Response Don't run Google Wallet on rooted phones Not very reassuring since the thief can root your phone Much better to perform PIN storage and verification on the SE Also store the PIN try counter on the SE
48 Countermeasures for Google Wallet Cracker Don't root your device Enable Android lock screen Disable ADB debugging Keep up-to-date with patches
49 Relay Attacks (MITM) "Mole" reader gets close to target mobile device Attacker's mobile gets near POS terminal APDUs are passed via TCP/IP
50 Relay Attack Limitations Target's mobile payment app must be unlocked Google Wallet requires entry of a PIN to unlock
51 Relay Through a Malicious App Works against Google Wallet Because it exposes payment credentials to the contact interface Requires root privileges to bypass SE API signature authentication
52 Relay Attack Countermeasures Contactless POS terminals should enforce a timeout on all transactions Relay attack requires network communications which slows it down Not very practical because errors can cause delays in legitimate transactions Use location information to flag suspicious transactions Target mobile is not really near the POS Requires target GPS to be active and consumer's consent
53 Relay Attack Countermeasures Google Wallet is no longer vulnerable to the second attack It no longer exposes payment applets over the contact interface
54 Square Vulnerabilities
55 Square Square Register Mobile app Magnetic stripe reader Plugs into audio jack Free Allows anyone to take credit card transactions Charging 2.75% of each transaction
56 EMV (Europay, MasterCard and Visa) aka Chip-and-PIN Square reader has two slots Can use magstripe or chip
57 Skimming Any app that can receive audio data can steal the magnetic data from the Square device VeriFone released an app to do this In order to compete with Square
58 Link Ch 9u Verifone v. Square
59 Skimming Countermeasures Manual skimming requires the card Same as skimmers that have been used for years A software attack against the reader could do more harm In 2012, Square modified their reader to encrypt the audio stream Encrypted data is sent to Square's servers and decrypted there Prevents rogue apps getting the credit card #
60 Replay Attack Malicious app could record audio stream and replay is back to make another purchase Demonstrated by Adam Laurie and Zac Franken at Black Hat in 2011 Also reverse-engineered the format Square reader uses for data from credit card They could manufacture correct audio streams from magnetic Track 2 data, which can be purchased on the black market
61 Replay Attack They could therefore use Square to perform mass fraud Instead of manufacturing fake credit cards
62 Replay Attack Countermeasures Square's encryption prevents this Textbook author verified that replaying an encrypted audio stream is not accepted as a valid Square transaction anymore So Square is changing the key, or using a nonce, or something similar
Secure Element APIs and Practical Attacks on Secure Element-enabled Mobile Devices
Secure Element APIs and Practical Attacks on Secure Element-enabled Mobile Devices Michael Roland University it of Applied Sciences Upper Austria,, Austria WIMA 2012 NFC Research Track 11 April 2012, Monaco
More informationCh 1: The Mobile Risk Ecosystem. CNIT 128: Hacking Mobile Devices. Updated
Ch 1: The Mobile Risk Ecosystem CNIT 128: Hacking Mobile Devices Updated 1-12-16 The Mobile Ecosystem Popularity of Mobile Devices Insecurity of Mobile Devices The Mobile Risk Model Mobile Network Architecture
More informationMobile Security Fall 2014
Mobile Security Fall 2014 Patrick Tague Class #8 NFC & Mobile Payment 1 Announcements Reminder: first group of SoW presentations will be today, starting ~1/2 way through class Written SoW is a separate
More informationCongratulations on the purchase of your new Clover Flex
Congratulations on the purchase of your new Clover Flex Set Up the Hardware What s included Clover Flex Charging cradle Receipt paper Power cord (2 for EU) Power brick Screwdriver Clover Flex Features
More informationHCE security implications. Analyzing the security aspects of HCE
HCE security implications Analyzing the security aspects of HCE January 8th, 2014 White paper - HCE security implications, analyzing the security aspects of HCE HCE security implications About the authors:
More informationPractical Attack Scenarios on Secure Element-enabled Mobile Devices
Practical Attack Scenarios on Secure Element-enabled Mobile Devices Michael Roland University it of Applied Sciences Upper Austria,, Austria 4 th International Workshop on Near Field Communication 13 March
More informationSecurity of NFC payments
Security of NFC payments Olga Korobova Department of Computer Science University of Massachusetts Amherst Abstract Our research objective was to examine the security features implemented by the bank cards
More informationRelay Attacks on Secure Elementenabled
Relay Attacks on Secure Elementenabled Mobile Devices Virtual Pickpocketing Revisited Michael Roland University of Applied Sciences Upper Austria,, Austria SEC2012 IFIP International Information Security
More informationSMART CARDS. Miguel Monteiro FEUP / DEI
SMART CARDS Miguel Monteiro apm@fe.up.pt FEUP / DEI WHAT IS A SMART CARD Distinguishable characteristics Can participate in automated electronic transactions Used primarily to add security Not easily forged
More informationCredit Card Frauds Sept.08, 2016
Credit Card Frauds Sept.08, 2016 Definitions Credit Card A card allowing the holder to purchasing goods or services on credit Debit Card A card allowing transfer of money from a bank a/c electronically
More informationANZ Mobile Pay Terms and Conditions and Licence Agreement for Android Devices
ANZ Mobile Pay Terms and Conditions and Licence Agreement for Android Devices Version: 1.0 Dated: 1 January 2016 1. Introduction ANZ Mobile Pay is an app suitable for use on an Android powered device that
More informationRevision of HSBC Bank Malaysia Berhad ( HSBC Bank ) Universal Terms and Conditions
Revision of HSBC Bank Malaysia Berhad ( HSBC Bank ) Universal Terms and Conditions Dear valued customers, We would like to inform that our Universal Terms and Conditions for HSBC Bank will be updated and
More informationAdversary Models. CPEN 442 Introduction to Computer Security. Konstantin Beznosov
Adversary Models CPEN 442 Introduction to Computer Security Konstantin Beznosov why we need adversary models? attacks and countermeasures are meaningless without 2 elements of an adversary model objectives
More informationDigital Payments Security Discussion Secure Element (SE) vs Host Card Emulation (HCE) 15 October Frazier D. Evans
Digital Payments Security Discussion Secure Element (SE) vs Host Card Emulation (HCE) 15 October 2014 Frazier D. Evans Evans_Frazier@bah.com There are four key areas that need to be investigated when talking
More informationSession 2: Understanding the payment ecosystem and the issues Visa Europe
Session 2: Understanding the payment ecosystem and the issues Visa Europe Agnes Revel Martineau VP, Head of Product Specifications, Standards and Industry Liaison ETSI 01st, July, 2014 Agenda You said
More informationMObIlE MOnEy PhoTo by istock
mobile money Photo by istock Finding the value in mobile payments for merchants and consumers egan Chesterfield reaches into her purse to pay for a cup of coffee. Instead of a wallet, she pulls out a smartphone.
More informationWebinar Tokenization 101
Webinar Tokenization 101 René M. Pelegero Retail Payments Global Consulting Group L.L.C December 15 th, 2014 Webinar Overview A description of tokenization and how the technology is being employed in the
More informationNFC Payments: The Art of Relay & Replay Attacks. Salvador Mendoza August 14, 2018
1 NFC Payments: The Art of Relay & Replay Attacks Salvador Mendoza August 14, 2018 2 Disclaimer This white paper is a shortened version of the actual research. Unfortunately, some techniques and exploitation
More informationBML MobilePay FAQ. Page 1
1. What is BML MobilePay App? BML MobilePay is a safe, easy and quick way to make purchases at merchant outlets and send money to individuals via your smartphone. It is a safe and secure method which does
More informationJrsys Mobile Banking Solutions
Jrsys Mobile Banking Solutions Jrsys International corp. James Wu Mobile PKI solutions 1.Mobile CA 2.Mobile RA 3.Mobile Signing and Validation Service CA Mobile Signature/ Encryption Mobile PKI Mobile
More informationNFC embedded microsd smart Card - Mobile ticketing opportunities in Transit
NFC embedded microsd smart Card - Mobile ticketing opportunities in Transit July 2017 By: www.smk-logomotion.com Introduction Presentation is describing NFC enabled microsd smart card (LGM Card) Technical
More informationApple Pay - Frequently Asked Questions
Apple Pay - Frequently Asked Questions What is Apple Pay? Apple Pay is a payments feature integrated into the Wallet app on your ios device that lets you add your Century Bank (CB) MasterCard Debit Card
More informationApple Pay FREQUENTLY ASKED QUESTIONS
Apple Pay FREQUENTLY ASKED QUESTIONS At Park Bank, we want to make it easy and secure for you to use your credit card to make payments in stores and online. That s why we re pleased to offer Apple Pay
More information3. Why should I use Samsung Pay instead of my physical cards?
Overview 1. What is Samsung Pay? Samsung Pay is a secure and easy-to-use mobile payment service which can be used to make purchases almost anywhere. Leveraging a new proprietary technology called Magnetic
More informationDesign and Implementation of a Mobile Transactions Client System: Secure UICC Mobile Wallet
Design and Implementation of a Mobile Transactions Client System: Secure UICC Mobile Wallet Hao Zhao, Sead Muftic School of Information and Communication Technologies (ICT) Royal Institute of Technology
More informationMobile Banking FAQ. 1 P a g e 1 0 / 1 9 /
Mobile Banking FAQ Q) Can anyone sign up for Mobile Banking? A) Mobile Banking enables any consumer with online banking to access their account information from a mobile device. Mobile Banking offers three
More informationFrequently Asked Questions
Frequently Asked Questions 1. What is Samsung Pay? Samsung Pay is a secure and easy-to-use mobile payment service. You can add your SBI Debit Card issued on Visa and MasterCard platform on your Samsung
More informationMobile Payment Security, Threats, and Challenges
Mobile Payment Security, Threats, and Challenges Yong Wang Christen Hahn and Kruttika Sutrave College of Computing College of Computing Dakota State University Dakota State University Madison, SD 57042
More informationFFIEC Guidance: Mobile Financial Services
FFIEC Guidance: Mobile Financial Services Written by: Jon Waldman, CISA, CRISC Partner and Senior Information Security Consultant Secure Banking Solutions, LLC FFIEC Updates IT Examination Handbook to
More informationSecurity Philosophy. Humans have difficulty understanding risk
Android Security Security Philosophy Humans have difficulty understanding risk Safer to assume that Most developers do not understand security Most users do not understand security Security philosophy
More informationTopics. Ensuring Security on Mobile Devices
Ensuring Security on Mobile Devices It is possible right? Topics About viaforensics Why mobile security matters Types of security breaches and fraud Anticipated evolution of attacks Common mistakes that
More informationNFC Payments: The Art of Relay & Replay Attacks
NFC Payments: The Art of Relay & Replay Attacks Who am I? Security Researcher @Netxing Co-founder of Women in Tech Fund (WomenInTechFund.org) NFC Technology RFID Spectrum (Radio Frequency Identification)
More informationRev. C 8/16/2017. VP3300/VP3300C/VP3300E User Manual
80149509-001 Rev. C 8/16/2017 VP3300/VP3300C/VP3300E User Manual Copyright 2017, ID TECH. All rights reserved. ID TECH 10721 Walker Street Cypress, CA 90630 USA This document, as well as the software and
More informationPayment Security: Attacks & Defences
Payment Security: Attacks & Defences Dr Steven J Murdoch University College London COMPGA03, 2014-12-02 UK fraud is going up again Chip & PIN deployment period Losses ( m) 0 50 100 150 200 250 300 Card
More informationPayment systems. Tuomas Aura CSE-C3400 Information security. Aalto University, autumn 2014
Payment systems Tuomas Aura CSE-C3400 Information security Aalto University, autumn 2014 1. Card payments Outline 2. Anonymous payments and BitCoin 2 CARD PAYMENT 3 Bank cards Credit or debit card Card
More informationCh 8: Mobile Development Security. CNIT 128: Hacking Mobile Devices. Revised
Ch 8: Mobile Development Security CNIT 128: Hacking Mobile Devices Revised 4-12-17 App Security Constraints Built-in security features of the mobile platform Possibility of device theft Mobile App Threat
More informationCongratulations on the purchase of your new Clover Mobile
Congratulations on the purchase of your new Clover Mobile Set Up the Hardware What s included Optional Accessories USB wall charger USB cable Clover Mobile Dock Clover Mobile Printer Clover Mobile Clover
More informationCongratulations on the purchase of your new Clover Mobile
Congratulations on the purchase of your new Clover Mobile Set Up the Hardware What s included Optional Accessories Clover Mobile Dock Clover Mobile Printer Clover Mobile Clover Clip Clover PIN Entry Aid
More informationUser Guide. Accept EFTPOS, Visa and Mastercard payments on the go with Kiwibank QuickPay.
User Guide Accept EFTPOS, Visa and Mastercard payments on the go with Kiwibank QuickPay. Kiwibank QuickPay terms and conditions apply. Kiwibank QuickPay is only available for business banking purposes.
More informationTarget Breach Overview
Target Breach Overview Q: Media reports are stating that Target experienced a data breach. Can you provide more specifics? A: Yes, Target has confirmed that it experienced unauthorized access to its systems
More informationDFARS Requirements for Defense Contractors Must Be Satisfied by DECEMBER 31, 2017
DFARS 252.204-7012 Requirements for Defense Contractors Must Be Satisfied by DECEMBER 31, 2017 As with most government documents, one often leads to another. And that s the case with DFARS 252.204-7012.
More informationNear Field Communication Security
Near Field Communication Security Thomas Patzke 22.04.2015 Who am I... Thomas Patzke (formerly Skora) Who am I... Thomas Patzke (formerly Skora) Started with security related topics somewhere in the 90s
More informationSECURITY STORY WE NEVER SEE, TOUCH NOR HOLD YOUR DATA
SECURITY STORY WE NEVER SEE, TOUCH NOR HOLD YOUR DATA CTO Office www.digi.me another Engineering Briefing digi.me keeping your data secure at all times ALL YOUR DATA IN ONE PLACE TO SHARE WITH PEOPLE WHO
More informationImproving the Student Experience with a Unified Credential. Jeff Staples VP Market Development Blackboard Transact
Improving the Student Experience with a Unified Credential Jeff Staples VP Market Development Blackboard Transact 93% High school students who say campus technology is a key factor in their college selection
More informationUse Wallet on your iphone or ipod touch
Use Wallet on your iphone or ipod touch With Wallet, you can keep your credit, debit, and prepaid cards, store cards, boarding passes, movie tickets, coupons, rewards cards, and more in one place. With
More informationPrepaid Access MIDWEST ANTI-MONEY LAUNDERING CONFERENCE Federal Reserve Bank of Kansas City March 5, 2014
Prepaid Access 2014 MIDWEST ANTI-MONEY LAUNDERING CONFERENCE Federal Reserve Bank of Kansas City March 5, 2014 Discussion Points Emerging Technology Prepaid Access What is it and how does it work? Open
More informationD220 - User Manual mypos Europe Ltd. mypos Mini Ice En
D220 - User Manual mypos Europe Ltd. mypos Mini Ice En CONTENTS Introduction... 2 Scope... 2 Related documentation... 2 Internet connectivity... 2 Using D220 with a mobile phone (via Bluetooth or personal
More informationMobile Wallet Service Terms and Conditions
Mobile Wallet Service Terms and Conditions These Terms and Conditions govern your use of eligible debit or credit cards issued by Publix Employees Federal Credit Union (each, a "Payment Card") when you
More informationSecure Elements 101. Sree Swaminathan Director Product Development, First Data
Secure Elements 101 Sree Swaminathan Director Product Development, First Data Secure Elements Secure Element is a tamper resistant Smart Card chip that facilitates the secure storage and transaction of
More informationCOMPGA12 1 TURN OVER
Applied Cryptography, COMPGA12, 2009-10 Answer ALL questions. 2 hours. Marks for each part of each question are indicated in square brackets Calculators are NOT permitted 1. Multiple Choice Questions.
More informationVersion 2.3 March 2, WisePad 2 Security Policy
Version 2.3 March 2, 2016 WisePad 2 Security Policy Table of Content 1 Introduction...3 1.1 Purpose and Scope...3 1.2 Audience...3 1.3 Reference...3 1.4 Glossary of Terms and Abbreviations...4 2 General
More informationIdentity-Enabled Transactions Based on the EMVCo Payment Tokenization Specification. Authors: Yue Zhu Asmaa Aljohani Gyan Singh Namdhari.
Identity-Enabled Transactions Based on the EMVCo Payment Tokenization Specification Authors: Yue Zhu Asmaa Aljohani Gyan Singh Namdhari Dr. Seth Nielson Mentors: Maria Vachino December 12, 2016 Table of
More informationPower LogOn s Features - Check List
s s - Check List Versions The software is available in two versions, to meet the needs of all types and sizes of organizations. The list below indicates the features that are included in each version.
More informationThe Money Is in the Square Cash Lets Users Funds to Friends
The Money Is in the Email Square Cash Lets Users Email Funds to Friends By: WALTER S. MOSSBERG October 15, 2013 Square now has a service that makes transferring money to a friend as easy as sending them
More informationSetting Up and Using Cardinal Visa with Apple Pay
Setting Up and Using Cardinal Visa with Apple Pay Apple Pay Instructions Complete Guide Page 1 Contents [CARDINAL VISA - APPLE PAY] October 1, 2015 Supported cards... 3 Before you begin... 3 Quick Setup
More informationExposing The Misuse of The Foundation of Online Security
Exposing The Misuse of The Foundation of Online Security HLA ID: 90FZSBZFZSB 56BVCXVBVCK 23YSLUSYSLI 01GATCAGATC Cyber space is very similar to organic realm Keys & certificates are like HLA tags But,
More informationSamsung Pay Frequently Asked Questions
1 Samsung Pay Frequently Asked Questions Contents 1. About Samsung Pay..2 2. Getting Started..2 3. Using Samsung Pay to make payments..3 4. Samsung Pay Security..5 5. Miscellaneous 6 1 2 About Samsung
More informationMU2a Authentication, Authorization & Accounting Questions and Answers with Explainations
98-367 MU2a Authentication, Authorization & Accounting Questions and Answers with Explainations Which are common symptoms of a virus infection? (Lesson 5 p 135-136) Poor system performance. Unusually low
More informationCredit Card/-i PIN & PAY - Frequently Asked Questions
Credit Card/-i PIN & PAY - Frequently Asked Questions 1. About PIN & PAY Implementation of PIN & PAY card is an industry-wide initiative to replace signature cards with PIN-enabled cards. From 1 July 2017
More informationAttacks on NFC enabled phones and their countermeasures
Attacks on NFC enabled phones and their countermeasures Arpit Jain: 113050028 September 3, 2012 Philosophy This survey explains NFC, its utility in real world, various attacks possible in NFC enabled phones
More informationSecurity of Transaction performed using credit card reader for smartphones and Tablets. Author Falade Tunde Supervisor - Dr Kris Gaj
Security of Transaction performed using credit card reader for smartphones and Tablets Author Falade Tunde Supervisor - Dr Kris Gaj Purpose The reason for taking on this project is to analyze the security
More informationUser Guide. Accept EFTPOS, Visa and Mastercard payments on the go with Kiwibank QuickPay.
User Guide Accept EFTPOS, Visa and Mastercard payments on the go with Kiwibank QuickPay. Kiwibank QuickPay terms and conditions apply. Kiwibank QuickPay is only available for business banking purposes.
More informationSecuring Multiple Mobile Platforms
Securing Multiple Mobile Platforms CPU-based Multi Factor Security 2010 Security Workshop ETSI 2010 Security Workshop Navin Govind Aventyn, Inc. Founder and CEO 1 Mobile Platform Security Gaps Software
More informationAuthentication Technology for a Smart eid Infrastructure.
Authentication Technology for a Smart eid Infrastructure. www.aducid.com One app to access all public and private sector online services. One registration allows users to access all their online accounts
More informationSquare Credit Card Reader Customer Service Phone Number
Square Credit Card Reader Customer Service Phone Number Square-Up Customer Support Phone Number and Contact Information / Contact Square Or, contact us anytime to discuss a mobile credit card processing
More informationCongratulations on the purchase of your new Clover Mini
Congratulations on the purchase of your new Clover Mini Set Up the Hardware What s included The white USB cord provided can be used to plug into the Hub and connected to other accessories (such as the
More informationCSCE 548 Building Secure Software Entity Authentication. Professor Lisa Luo Spring 2018
CSCE 548 Building Secure Software Entity Authentication Professor Lisa Luo Spring 2018 Previous Class Important Applications of Crypto User Authentication verify the identity based on something you know
More informationSystem-Level Failures in Security
System-Level Failures in Security Non linear offset component (ms) 0.0 0.5 1.0 1.5 2.0 Variable skew De noised Non linear offset Temperature 26.4 26.3 26.2 26.1 26.0 25.9 25.8 Temperature ( C) Fri 11:00
More informationPCI DSS Compliance. Verba SOLUTION GUIDE. Introduction. Verba and the Payment Card Industry Data Security Standard
Introduction Verba provides a complete compliance solution for merchants and service providers who accept and/or process payment card data over the telephone. Secure and compliant handling of a customer
More informationMTAT Applied Cryptography
MTAT.07.017 Applied Cryptography Smart Cards 2 University of Tartu Spring 2015 1 / 19 Security Model Parties involved in smart card based system: Cardholder Data owner Terminal Card issuer Card manufacturer
More informationLET S TALK MONEY. Fahad Pervaiz. Sam Castle, Galen Weld, Franziska Roesner, Richard Anderson
LET S TALK MONEY Fahad Pervaiz Sam Castle, Galen Weld, Franziska Roesner, Richard Anderson Unbanked Population Branchless Banking Bank/Financial Institute Bank of America, Standard Chartered Bank Telecommunication
More informationGetting Started with Blackbaud MobilePay
chapter 1 Getting Started with Blackbaud MobilePay Using the Blackbaud MobilePay application and reader, you can accept and process credit card transactions through your iphone, ipad, or Android phone
More informationDynaPro Go. Secure PIN Entry Device PCI PTS POI Security Policy. September Document Number: D REGISTERED TO ISO 9001:2008
DynaPro Go Secure PIN Entry Device PCI PTS POI Security Policy September 2017 Document Number: D998200217-11 REGISTERED TO ISO 9001:2008 MagTek I 1710 Apollo Court I Seal Beach, CA 90740 I Phone: (562)
More informationWill Mobile Phones Replace Cards?
Will Mobile Phones Replace Cards? Bastian Knoppers, Senior Vice President Card Personalization and Fulfillment, FIS Soren Bested, Managing Director Monitise Americas Kevin Morrison, Senior Vice President
More informationMobile Contactless Technology Backgrounder
Mobile Contactless Technology Backgrounder June 2011 1. In2Pay TM microsd architecture... 3 2. In2Pay microsd basic features... 4 3. Differences between In2Pay v2.0 and v2.6... 5 4. Support for full NFC
More informationBANK WAYS TO. Secure and convenient banking options to fit your lifestyle. Branches. Online Banking. Phoneline Banking. Mobile Banking.
WAYS TO BANK Secure and convenient banking options to fit your lifestyle Branches Online Banking Phoneline Banking Mobile Banking Post Office Cash Machines Contents 01 What can I do in branch? What can
More informationThe Open Application Platform for Secure Elements.
The Open Application Platform for Secure Elements. Java Card enables secure elements, such as smart cards and other tamper-resistant security chips, to host applications, called applets, which employ Java
More informationAll you need to know about OCBC Google Pay
All you need to know about OCBC Google Pay About Google Pay 1. What is Google Pay and can I participate as an OCBC Credit or Debit Card Member? Google Pay is a secure and easy-to-use mobile payment service
More informationCorey Benninger Max Sobell
Corey Benninger Max Sobell NFC Overview What is NFC? Hardware basics behind NFC Antennas and waveforms Tags and access control NFC Data Exchange Format (NDEF) NFC Application Attacks Privacy Mobile Wallets
More informationSSL/TLS & 3D Secure. CS 470 Introduction to Applied Cryptography. Ali Aydın Selçuk. CS470, A.A.Selçuk SSL/TLS & 3DSec 1
SSL/TLS & 3D Secure CS 470 Introduction to Applied Cryptography Ali Aydın Selçuk CS470, A.A.Selçuk SSL/TLS & 3DSec 1 SSLv2 Brief History of SSL/TLS Released in 1995 with Netscape 1.1 Key generation algorithm
More informationMobile Device Support. Jeff Dove February
Mobile Device Support Jeff Dove February 18 2017 Apple is a vertical company. Apple and IOS Control of type and design of hardware components Control over phone operating system and updates Control over
More informationSamsung Pay - Frequently Asked Questions
Samsung Pay - Frequently Asked Questions Contents Overview............ 2 Registration.............2 Security..............4 Technology........... 5 Payment............ 6 Account.............8 Citi Rebate..............9
More informationOpen Mobile API The enabler of Mobile ID solutions. Alexander Summerer, Giesecke & Devrient 30th Oct. 2014
The enabler of solutions Alexander Summerer, Giesecke & Devrient 30th Oct. 2014 SIMalliance Allows usage of Secure Elements in Mobile Devices Designed for Open Handset OS platforms Common API for Apps
More informationPresentation of the Interoperability specification for ICCs and Personal Computer Systems, Revision 2.0
PC/SC Workgroup White Paper Presentation of the Interoperability specification for ICCs and Personal Computer Systems, Revision 2.0 Abstract This document presents the upcoming revision 2.0 of the Interoperability
More informationTOP RISK CONCERNS MERCHANT DATA BREACHES. Presented by Ann Davidson, VP of Risk Consulting at Allied Solutions
TOP RISK CONCERNS MERCHANT DATA BREACHES Presented by Ann Davidson, VP of Risk Consulting at Allied Solutions Today s Webinar Will Cover: Current state of merchant data breaches Impact of merchant data
More informationBluetooth mobile solutions APPLICATION NOTE / FAQ. Page 1 on 24
Bluetooth mobile solutions APPLICATION NOTE / FAQ Page 1 on 24 Table of Contents I. Introduction... 5 II. Bluetooth Smart technology General principles... 5 III. Frequently Asked Questions... 5 A. STid
More informationMOBILE WALLET TECHNOLOGIES: GLOBAL MARKETS. IFT070A April Priyanka Patel Project Analyst ISBN:
MOBILE WALLET TECHNOLOGIES: GLOBAL MARKETS IFT070A April 2013 Priyanka Patel Project Analyst ISBN: 1-56965-176-0 BCC Research 49 Walnut Park, Building 2 Wellesley, MA 02481 866-285-7215, 781-489-7301 www.bccresearch.com
More informationOptimised to Fail: Card Readers for Online Banking
Optimised to Fail: Card Readers for Online Banking Saar Drimer Steven J. Murdoch Ross Anderson www.cl.cam.ac.uk/users/{sd410,sjm217,rja14} Computer Laboratory www.torproject.org Financial Cryptography
More informationCN!Express CX-6000 Single User Version PCI Compliance Status Version June 2005
85 Grove Street - Peterboro ugh, N H 0345 8 voice 603-924-6 079 fax 60 3-924- 8668 CN!Express CX-6000 Single User Version 3.38.4.4 PCI Compliance Status Version 1.0 28 June 2005 Overview Auric Systems
More informationOnline Banking Security
Online Banking Security Fabian Alenius Uwe Bauknecht May 17, 2009 Contents 1 Introduction 2 2 Secure Communication 2 2.1 Password authentication..................... 2 2.2 One-time Passwords.......................
More informationThe Lord of the Keys How two-part seed records solve all safety concerns regarding two-factor authentication
White Paper The Lord of the Keys How two-part seed records solve all safety concerns regarding two-factor authentication Table of contents Introduction... 2 Password protection alone is no longer enough...
More informationMobile Wallets. Bob Testa
Mobile Wallets Bob Testa bobtesta@sbcglobal.net Internet Finance Management: Buying Things How many of you have used a mobile device to pay for An online purchase? A purchase of physical goods? Kids Understand
More informationmypos Mini - User Manual mypos Europe Ltd. mypos Mini En
mypos Mini - User Manual mypos Europe Ltd. mypos Mini En CONTENTS Introduction... 2 Scope... 2 Related documentation... 2 Internet connectivity... 2 Using mypos Mini with a mobile phone (via Bluetooth
More informationBefore You Lose Your iphone
iphones are lost and stolen every day, but luckily Apple has robust tools built into ios that will keep your data safe and your device unusable if it's misplaced or snatched by a thief. With Find My iphone,
More informationPaying. on the go: Mobile payments slowly catch on in the United States
Paying on the go: Mobile payments slowly catch on in the United States apan adopted a mobile payment system for mass transit as a way to move millions of commuters through congested stations. Some African
More informationPortico VT. User Guide FOR HEARTLAND MERCHANT USERS APRIL 2015 V2.8
Portico VT User Guide FOR HEARTLAND MERCHANT USERS APRIL 2015 V2.8 Notice THE INFORMATION CONTAINED HEREIN IS PROVIDED TO RECIPIENT "AS IS" WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT
More informationStop in the name of EMV! Is merchant regulation breaking your heart? April 4, Amegy Bank, a division of ZB, N.A. Member FDIC
Stop in the name of EMV! Is merchant regulation breaking your heart? April 4, 2017 Introductions Ana Chandler AVP, Treasury Management Sales Julie Fairbanks VP, Merchant Sales William (Bill) Rogers VP
More informationNear Field Communication: IoT with NFC. Dominik Gruntz Fachhochschule Nordwestschweiz Institut für Mobile und Verteilte Systeme
Near Field Communication: IoT with NFC Dominik Gruntz Institut für Mobile und Verteilte Systeme NFC Experience at FHNW 2005/06 First NFC demonstrator (with Siemens CX70 Emoty) NFC was included in a removable
More informationFrequently Asked Questions (FAQs) - Customers
Frequently Asked Questions (FAQs) - Customers What is Upay? Upay is Bangladesh s 1 st cryptographically secured QR (Quick Response) Code based digital payment system of UCB which can be used in payments
More informationDistributed Systems. Lecture 14: Security. Distributed Systems 1
06-06798 Distributed Systems Lecture 14: Security Distributed Systems 1 What is security? policies and mechanisms threats and attacks Overview Security of electronic transactions secure channels authentication
More information